<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <description>This is a consolidate RSS feed from Dan Griffin, Aaron Margosis and Chris Jackson published in recent 60 days.</description>
    <title>Consolidated RSS Feed</title>
    <link>http://bloggregator.codeplex.com</link>
    <item>
      <title>New case study posted: JW Secure + Microsoft IT</title>
      <link>http://www.jwsecure.com/dan/2009/05/01/new-case-study-posted-jw-secure-microsoft-it/</link>
      <comments>http://www.jwsecure.com/dan/2009/05/01/new-case-study-posted-jw-secure-microsoft-it/#comments</comments>
      <pubDate>Fri, 01 May 2009 22:55:57 +0000</pubDate>
      <dc:creator>dan</dc:creator>
      <category><![CDATA[JW Secure]]></category>
      <category><![CDATA[Microsoft]]></category>
      <guid isPermaLink="false">http://www.jwsecure.com/dan/?p=467</guid>
      <description><![CDATA[The document is here.
]]></description>
      <content:encoded><![CDATA[<p>The document is <a href="http://www.jwsecure.com/files/JWSecure_And_Microsoft_RODC_CaseStudy_Final.pdf">here</a>.</p>
]]></content:encoded>
      <wfw:commentRss>http://www.jwsecure.com/dan/2009/05/01/new-case-study-posted-jw-secure-microsoft-it/feed/</wfw:commentRss>
      <author>dan@jwsecure.com (Dan Griffin)</author>
      <source url="http://www.jwsecure.com/dan">Dan Griffin's Blog</source>
    </item>
    <item>
      <title>Good Windows 7 security features blog post</title>
      <link>http://www.jwsecure.com/dan/2009/04/21/good-windows-7-security-features-blog-post/</link>
      <comments>http://www.jwsecure.com/dan/2009/04/21/good-windows-7-security-features-blog-post/#comments</comments>
      <pubDate>Wed, 22 Apr 2009 01:35:38 +0000</pubDate>
      <dc:creator>dan</dc:creator>
      <category><![CDATA[JW Secure]]></category>
      <category><![CDATA[Microsoft]]></category>
      <category><![CDATA[Security]]></category>
      <category><![CDATA[Smart Cards]]></category>
      <category><![CDATA[Windows 7]]></category>
      <guid isPermaLink="false">http://www.jwsecure.com/dan/?p=451</guid>
      <description><![CDATA[Read it here, from Micrsoft&#8217;s own Windows Security team. Prominently mentioned are three technology and feature areas where JW Secure has considerable integration experience:

Smart cards
Biometrics
BitLocker (our related work here is still confidential; hopefully we&#8217;ll have something public we can discuss in the next couple of months)

]]></description>
      <content:encoded><![CDATA[<p>Read it <a href="http://windowsteamblog.com/blogs/windowssecurity/archive/2009/04/21/end-to-end-trust-and-windows-7.aspx">here</a>, from Micrsoft&#8217;s own Windows Security team. Prominently mentioned are three technology and feature areas where JW Secure has considerable integration experience:</p>
<ul>
<li><a href="http://www.jwsecure.com/downloads.shtml">Smart cards</a></li>
<li><a href="http://bioapprovalworkflow.codeplex.com/">Biometrics</a></li>
<li>BitLocker (our related work here is still confidential; hopefully we&#8217;ll have something public we can discuss in the next couple of months)</li>
</ul>
]]></content:encoded>
      <wfw:commentRss>http://www.jwsecure.com/dan/2009/04/21/good-windows-7-security-features-blog-post/feed/</wfw:commentRss>
      <author>dan@jwsecure.com (Dan Griffin)</author>
      <source url="http://www.jwsecure.com/dan">Dan Griffin's Blog</source>
    </item>
    <item>
      <title>"LUA Bug" demo app</title>
      <link>http://blogs.msdn.com/aaron_margosis/archive/2008/11/07/lua-bug-demo-app.aspx</link>
      <pubDate>Fri, 07 Nov 2008 13:55:00 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9052217</guid>
      <dc:creator>Aaron Margosis</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">2</slash:comments>
      <comments>http://blogs.msdn.com/aaron_margosis/comments/9052217.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/aaron_margosis/commentrss.aspx?PostID=9052217</wfw:commentRss>
      <description>&lt;P&gt;I do a lot of presentations on how to identify and fix "LUA bugs" in applications (*), both for Windows XP and Windows Vista.&amp;nbsp; I frequently use a little VB6 application to demonstrate writing to various portions of the file system and registry, write to .ini files in protected locations, restart services, explicitly check for admin rights, etc.&amp;nbsp; People have asked me to post that app to my blog so that they can use it too.&amp;nbsp; So here it is, including the VB6 project/source code.&lt;/P&gt;
&lt;P&gt;As is, no support, hopefully it's self-explanatory!&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Chris Jackson has a more elaborate demo app with full lab script, geared toward application compatibility tools and techniques on Vista.&amp;nbsp; You can get it &lt;A class="" href="http://blogs.msdn.com/cjacks/archive/2008/01/03/stock-viewer-shim-demo-application.aspx" mce_href="http://blogs.msdn.com/cjacks/archive/2008/01/03/stock-viewer-shim-demo-application.aspx"&gt;here&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;(*)&amp;nbsp; "LUA" = "limited user account", a.k.a., "non-admin", "standard user"&lt;BR&gt;"LUA bugs" = application or feature of an application that 1) works when run by a member of Administrators or Power Users; 2) fails when run by a standard user; and 3) has no valid business or technical reason for requiring administrative control over the computer.&lt;/P&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9052217" width="1" height="1"&gt;</description>
      <enclosure url="http://blogs.msdn.com/aaron_margosis/attachment/9052217.ashx" length="33072" type="application/x-zip-compressed" />
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/Fixing+LUA+Bugs/default.aspx">Fixing LUA Bugs</category>
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/LUA+Buglight/default.aspx">LUA Buglight</category>
      <author>Aaron Margosis</author>
      <source url="http://blogs.msdn.com/aaron_margosis/default.aspx">Aaron Margosis' "Non-Admin" WebLog</source>
    </item>
    <item>
      <title>LUA Buglight 2.0, second preview</title>
      <link>http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx</link>
      <pubDate>Thu, 06 Nov 2008 14:05:00 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9049069</guid>
      <dc:creator>Aaron Margosis</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">5</slash:comments>
      <comments>http://blogs.msdn.com/aaron_margosis/comments/9049069.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/aaron_margosis/commentrss.aspx?PostID=9049069</wfw:commentRss>
      <description>&lt;P&gt;LUA Buglight is a utility that helps identify "LUA bugs" in applications -- application features that that fail as standard user but that work as administrator.&amp;nbsp; I work on it in my spare time, so progress has been slow.&amp;nbsp; Attached to this blog post is the second preview version of LUA Buglight 2.0.&lt;/P&gt;
&lt;P&gt;Main changes since the previous preview:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Single executable:&amp;nbsp; all the helper DLLs, EXEs, etc., are self-extracted to your temp folder when you run the program.&amp;nbsp; No need to copy lots of files around.&lt;/LI&gt;
&lt;LI&gt;For Vista:&amp;nbsp; the helper program that requires elevation is now signed, so you get the nicer elevation prompt.&amp;nbsp; The driver file for Vista is signed as well, so startup is much faster.&lt;/LI&gt;
&lt;LI&gt;Explicit check for x86 -- sorry, the current version cannot be used on 64-bit versions of Windows.&lt;/LI&gt;
&lt;LI&gt;Various bug fixes.&lt;/LI&gt;&lt;/UL&gt;
&lt;P&gt;Some of the improvements of LUA Buglight 2.0 over 1.0:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Much better Vista support&lt;/LI&gt;
&lt;LI&gt;Streamlined UI and improved flow&lt;/LI&gt;
&lt;LI&gt;Identifies more bugs&lt;/LI&gt;
&lt;LI&gt;On XP, not restricted to using a local admin account to create the "this-user-as-admin" context&lt;/LI&gt;
&lt;LI&gt;On Vista, prompts for elevation just one time per session instead of for each test&lt;/LI&gt;
&lt;LI&gt;Log file names autogenerated with timestamp in the name to avoid accidental overwrite of previous logs.&lt;/LI&gt;
&lt;LI&gt;User options saved to the registry.&lt;/LI&gt;&lt;/UL&gt;
&lt;P mce_keep="true"&gt;&amp;nbsp;&lt;/P&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9049069" width="1" height="1"&gt;</description>
      <enclosure url="http://blogs.msdn.com/aaron_margosis/attachment/9049069.ashx" length="761281" type="application/x-zip-compressed" />
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/Fixing+LUA+Bugs/default.aspx">Fixing LUA Bugs</category>
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/LUA+Buglight/default.aspx">LUA Buglight</category>
      <author>Aaron Margosis</author>
      <source url="http://blogs.msdn.com/aaron_margosis/default.aspx">Aaron Margosis' "Non-Admin" WebLog</source>
    </item>
    <item>
      <title>LUA Buglight 2.0 - preview</title>
      <link>http://blogs.msdn.com/aaron_margosis/archive/2008/06/13/lua-buglight-2-0-preview.aspx</link>
      <pubDate>Fri, 13 Jun 2008 04:04:00 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:8594021</guid>
      <dc:creator>Aaron Margosis</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">3</slash:comments>
      <comments>http://blogs.msdn.com/aaron_margosis/comments/8594021.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/aaron_margosis/commentrss.aspx?PostID=8594021</wfw:commentRss>
      <description>&lt;P&gt;Attached to this blog post is a &lt;EM&gt;PREVIEW VERSION&lt;/EM&gt; of LUA Buglight 2.0.&amp;nbsp; LUA Buglight is a utility that helps identify "LUA bugs" in desktop applications -- the bugs that appear when the application is run as a standard user instead of as an administrator.&lt;/P&gt;
&lt;P&gt;Some of the improvements in LUA Buglight 2.0 over its predecessor:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Much better Vista support&lt;/LI&gt;
&lt;LI&gt;Streamlined&amp;nbsp;UI and improved flow&lt;/LI&gt;
&lt;LI&gt;Identifies more bugs&lt;/LI&gt;
&lt;LI&gt;On XP, not restricted to using a local account to create the admin context&lt;/LI&gt;
&lt;LI&gt;On Vista, prompts for elevation just one time per session instead of for each test&lt;/LI&gt;
&lt;LI&gt;User options saved to the registry&lt;/LI&gt;&lt;/UL&gt;
&lt;P&gt;There are more improvements and refinements that I want to make, but I think you'll find it is quite usable now.&amp;nbsp; And I promised some audiences here at Tech*Ed that I would post a preview version here prior to my Friday morning session introducing LUA Buglight 2.0. :-)&lt;/P&gt;
&lt;P&gt;Note that I haven't written up new documentation yet, and that these binaries have not been signed yet.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;EM&gt;Update, June 14:&amp;nbsp; &lt;/EM&gt;&lt;/STRONG&gt;Yes - meant to mention - LUA Buglight is designed only&amp;nbsp;for x86.&amp;nbsp; I'll add a processor check on startup.&lt;/P&gt;
&lt;P&gt;&lt;FONT size=+1&gt;&lt;STRONG&gt;&lt;EM&gt;&lt;FONT color=red&gt;Update, November 6:&lt;/FONT&gt;&lt;/EM&gt;&lt;/STRONG&gt;&amp;nbsp; Removing the attachment, because the Second Preview version is now available &lt;A class="" href="http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx" mce_href="http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx"&gt;here&lt;/A&gt;.&lt;/FONT&gt;&lt;/P&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=8594021" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/Fixing+LUA+Bugs/default.aspx">Fixing LUA Bugs</category>
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/LUA+Buglight/default.aspx">LUA Buglight</category>
      <category domain="http://blogs.msdn.com/aaron_margosis/archive/tags/Vista/default.aspx">Vista</category>
      <author>Aaron Margosis</author>
      <source url="http://blogs.msdn.com/aaron_margosis/default.aspx">Aaron Margosis' "Non-Admin" WebLog</source>
    </item>
    <item>
      <title>Why Custom Actions get a Windows Vista Version Lie on Windows 7</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/05/06/why-custom-actions-get-a-windows-vista-version-lie-on-windows-7.aspx</link>
      <pubDate>Wed, 06 May 2009 22:00:28 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9592192</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">2</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9592192.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9592192</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9592192</wfw:comment>
      <description>&lt;p&gt;Those of you who write application installers using Windows Installer may have noticed a bit of a change in the behavior of version checking in Windows 7 – if you happen to be doing your version checking from a custom action. Let’s have a look.&lt;/p&gt;  &lt;p&gt;If you’d like to follow along, here’s what you need to do. Open up Compatibility Administrator. Expand the Applications tree (this could take a minute), and then start typing Windows Installer to quickly scroll down to this entry.&lt;/p&gt;  &lt;p&gt;First, you’ll notice a few things which we expect. We’re shimming up msiexec.exe (meaning we’re shimming up every MSI package in the world) with WRPDllRegister, WRPMitigation, and WRPRegDeleteKey. These are all of the Windows Resource Protection shims – so if you have an installer that tries to overwrite kernel32 with some really ancient version, for example, it’ll get fixed up instead of failing.&lt;/p&gt;  &lt;p&gt;There’s NonElevatedIDriver – that’s an InstallShield fix, for MSIs created by InstallShield. So far, so good.&lt;/p&gt;  &lt;p&gt;Oh.&lt;/p&gt;  &lt;p&gt;And there’s VistaRTMVersionLie.&lt;/p&gt;  &lt;p&gt;Whazza – huh? (Double takes are completely appropriate here.)&lt;/p&gt;  &lt;p&gt;That’s right, we’re shimming up the Windows Installer application to give it a Windows Vista version lie. What does this affect? Any DLL custom action you implement that does a check to GetVersion(Ex) is now going to think it’s getting Windows Vista instead of Windows 7. Do not pass go, do not collect $200, you’ll think you’re on Windows Vista.&lt;/p&gt;  &lt;p&gt;However, any application that uses the MSI tables and takes a look at the VersionNT property will be told the correct version of Windows. So, on Windows 7, VersionNT == 601. Just like you’d expect.&lt;/p&gt;  &lt;p&gt;From a pragmatic perspective, this improves the overall compatibility of installers on Windows 7 to a huge degree. We did this to systematically fix apps that refuse to install on anything greater than Windows Vista. And it succeeds at this spectacularly.&lt;/p&gt;  &lt;p&gt;From a &amp;quot;bonus side effect” perspective (if you like to think that way) – it does serve the effect of pushing people towards using the declarative method of checking versions in the MSI tables, which is our recommended way of checking for specific versions.&lt;/p&gt;  &lt;p&gt;Not only is it recommended, it’s the only sensible API we have for checking a version. The others are really hard to get right. How would you check to see if a version is greater than or equal to a specific version? Well, GetVersion returns something really strange until you yank it apart (Windows 98, for example, is 0xC0000A04). How obvious is this?&lt;/p&gt;  &lt;p&gt;dwMajorVersion = (DWORD)(LOBYTE(LOWORD(dwVersion)));    &lt;br /&gt;dwMinorVersion = (DWORD)(HIBYTE(LOWORD(dwVersion)));&lt;/p&gt;  &lt;p&gt;OK, so that’s a little silly, and GetVersionEx has a structure that simplifies this. But even with the OSVERSIONINFO structures, you can do things wrong. For example, say you want to check and see if somebody is using at least Windows XP. You could easily do that as:&lt;/p&gt;  &lt;p&gt;if (osvi.dwMajorVersion == 5 &amp;amp;&amp;amp; osvi.dwMinorVerison == 1) {…&lt;/p&gt;  &lt;p&gt;And of course that will do the trick while Windows XP is the only thing around that it works on, but as soon as we release a new version of Windows, it breaks. But let’s say you’re trying to get it right, and you ordered one of those fancy computers whose keyboard actually has a “greater than” key – you could still lose the logic. I’ve seen this many times:&lt;/p&gt;  &lt;p&gt;if (osvi.dwMajorVersion &amp;gt;= 5 &amp;amp;&amp;amp; osvi.dwMinorVersion &amp;gt;= 1) {…&lt;/p&gt;  &lt;p&gt;That’ll work on Windows XP, break on Windows Vista, and work on Windows 7. It’s the wrong logic. Here’s what you’d have to do:&lt;/p&gt;  &lt;p&gt;bIsWindowsXPorLater = ( (osvi.dwMajorVersion &amp;gt; 5) || ( (osvi.dwMajorVersion == 5) &amp;amp;&amp;amp; (osvi.dwMinorVersion &amp;gt;= 1) ));&lt;/p&gt;  &lt;p&gt;And now we’re complex again.&lt;/p&gt;  &lt;p&gt;BUT – with the MSI tables, you can actually use the &amp;gt; key with ease. VersionNT &amp;gt;= 501 will work for Windows XP or greater – for anything we release into the future.&lt;/p&gt;  &lt;p&gt;It’s declarative, so you can see the check. It’s easy to get it right. It’s got a lot going for it. Nevertheless, I’ve still seen a lot of people doing things like:&lt;/p&gt;  &lt;p&gt;VersionNT = 500 OR VersionNT=501 OR VersionNT=502 OR VersionNT=600&lt;/p&gt;  &lt;p&gt;I wonder what they’re going to do for Windows 7?&lt;/p&gt;  &lt;p&gt;Now, of course, from the ivory tower we’re always saying “don’t check versions” and we don’t hear the cries that you have to. In the end, it’s a business decision, and I don’t begrudge anybody for saying they can’t afford to test and support something indefinitely on every permutation of system. That’s hard to do. I know you’re going to check for versions. But, there’s an arms race between app compat and the people who want to do the checks. There has even been a suggestion that we *never again* change the version of Windows. I think that’d be downright silly. There are valid business reasons to know what you’re running on.&lt;/p&gt;  &lt;p&gt;For example, I’ve got a conversation with a customer going on right now where they work on Windows XP, fail on Windows Vista RTM, and work on Windows Vista SP1. Stuff like that happens. (And, since they were checking from a custom action, they were refusing to install on Windows 7, because they thought they were going onto Windows Vista RTM, where they were known to fail. Ouch.) Ideally, this would use the MSI tables to exclude known bad versions, rather than the unknown.&lt;/p&gt;  &lt;p&gt;What I’d like to see is a way to declare supported versions in addition to known bad versions. A known bad version should be blocked – let’s be sensible here. But an unknown version, well if you let it install smoothly, then depending on your relationship with the customer would that indicate a suggestion of support? If it could give some sort of warning “note: this operating system is not supported” but still run, then app compat doesn’t need to come along and remove the launch condition or custom action or verlie the entire framework just to keep apps running.&lt;/p&gt;  &lt;p&gt;I get what you’re going for, but I also get that people want their apps to work unless there’s a technical reason why they don’t work. Even if they’re unsupported. Because, for some people, that’s OK. Particularly consumers, many of whom don’t have a lot of money right now to be buying new stuff. Just dazzle them with amazing new features, and they’ll buy it, but people don’t like buying stuff just because you said “don’t work on the fancy new OS that your new laptop came with.”&lt;/p&gt;  &lt;p&gt;And so it goes.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9592192" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Shims/default.aspx">Shims</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>Changes to the Operating System Layers (Compatibility Modes) in Windows 7</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/04/28/changes-to-the-operating-system-layers-compatibility-modes-in-windows-7.aspx</link>
      <pubDate>Tue, 28 Apr 2009 23:19:47 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9574556</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">4</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9574556.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9574556</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9574556</wfw:comment>
      <description>&lt;p&gt;It’s visible in the beta, but I haven’t heard a lot of people talking about this externally. Regardless, I wanted to shed some light on what happened, and add a bit of the human perspective behind the decision.&lt;/p&gt;  &lt;p&gt;If you inspect the operating system layers (called Compatibility Modes in Compatibility Administrator), you’ll find that they contain an important new entry: AdditiveRunAsHighest. Let’s explore this a bit, because it’s pretty important what it does.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;RunAsHighest&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;First and foremost, AdditiveRunAsHighest is RunAsHighest. (We’ll get to the Additive part in a bit.) It’s an incredibly confusing elevation flag for many folks. It basically means that, if you have the ability to elevate to a higher token, then please do. Otherwise, just stay where you are. That means, if you’re a member of the Administrators group with UAC turned on, and you’re not currently running elevated, you’ll see a prompt. If you are a standard user, you will not. If you have the SeLoadDriver privilege in your token but would otherwise be a standard user, we’ll still split your token, and if you provide the same credentials, we’ll elevate to a token that contains that privilege. (You can’t think too black and white about elevation – not everyone is cleanly either an admin or a standard user.)&lt;/p&gt;  &lt;p&gt;I say that it’s confusing because most people don’t fully grok that. Most people, rather, believe that MMC.exe requires being an admin, and that’s why it prompts. It doesn’t require it, you just happen to have a more privileged token available so it’s going to try to use it. If you were running as a standard user, you wouldn’t see a prompt!&lt;/p&gt;  &lt;p&gt;OK, so we’re off to a good start – the new shim is related to the most confusing elevation flag we’ve got. How have we made that more interesting?&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;AdditiveRunAsHighest&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;If you’re an IT Pro, you’ll like this: you always get to win. You see, a developer can specify, in the XML manifest for an application, the run level for that application. But you, as the IT Pro, get to overrule that. If you think the developer made a bad call with their specified run level, just specify what you think, and you’ll win.&lt;/p&gt;  &lt;p&gt;But AdditiveRunAsHighest means that you only care to vote if the developer didn’t. So, if you find a manifest specifying run level, you’re voting to take what they asked for. If not, then you are asking for RunAsHighest.&lt;/p&gt;  &lt;p&gt;(I guess I find that a little curious because, if you know enough about Windows Vista to add a runlevel to the manifest, it’s not entirely clear why you would need an XP or earlier shim, but so it goes.)&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;Putting it all together&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;What this basically means is that, if you were running as a standard user, and you didn’t work, the RunAsHighest will leave you as a standard user, and unless file/registry virt fixes you, you’re still broken. No regression. But, if you were previously a full admin, and now you’re a protected admin, you’ll prompt to get back to full admin, and away you go.&lt;/p&gt;  &lt;p&gt;If only it were that simple. But, realistically, nobody is super happy with this outcome. This doesn’t represent what we wanted to do, it represents what we could do in the parameters we were given (which included, of course, the parameter of, “we have to ship an operating system”).&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;Elevation fixes ~20% of broken applications that used to work on XP&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;There are truths, half-truths, and statistics. This is a statistic. That’s the bright side. The down side is that the other 80% of applications aren’t fixed by elevation (actually it’s more like 50% when you incorporate this PLUS other fixes in the layer, so that’s a little unfair of me), yet they are prompting you anyway! But, in the absence of other alternatives, it was decided that people are more annoyed by apps not working than they are by prompts. Oh yeah, we know you’re still annoyed by prompts – we just think you’re more annoyed by broken apps.&lt;/p&gt;  &lt;p&gt;And, when it came down to it, even if the number of apps fixed were 10%, it would have been a no-brainer for the team. Broken apps are a serious downer.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;What does it mean for me?&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;Well, if you’ve built up a custom shim database that contains operating system emulation layers, their behavior is going to change. You may want to edit them. I typically recommend that you chose only the specific shims that you need, rather than taking a whole layer, and I’d just go that route.&lt;/p&gt;  &lt;p&gt;If you’re fiddling with the compatibility tab, it means you’re going to get more prompts.&lt;/p&gt;  &lt;p&gt;Several Program Compatibility Assistant scenarios lead to the XPSP2 layer, which will mean more prompts even if you don’t get geeky on us.&lt;/p&gt;  &lt;p&gt;It also could mean that more apps work, if you are a consumer with little knowledge of elevation, tokens, administrators, or any of that garbage, and just want your apps to work. That’s who we’re really targeting with this. Someone advanced enough to find the compatibility tab (or lucky enough to have PCA suggest fixing something) but not advanced enough to be reading this and looking to become a shim ninja.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;What we would rather do&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;Like I said, this was a trade-off. And, honestly, a few folks were pretty up in arms about this (and I count myself among them) until we finally got people to stop suggesting that this was a solution people actually were quite fond of and shouldn’t we just drink the kool-aid and believe that it truly was good for us, and instead fess up that they fought it themselves but just couldn’t get it done in the ideal way so had to find the best compromise for the non-ideal choices that lay before them.&lt;/p&gt;  &lt;p&gt;We’d rather have a quick, automated way to put in a targeted fix that didn’t mean “keep running as admin” and instead did something less reckless. But that’s hard to do. (Aaron Margosis seems like he’s coming pretty darned close, though – just give him time.)&lt;/p&gt;  &lt;p&gt;If we’re going to elevate, we’d like to have a way to kill the prompts somehow. (Aaron won’t be so fond of that one.)&lt;/p&gt;  &lt;p&gt;In the end, it’s all a balancing act. Unlike milk, software doesn’t go bad. You shouldn’t have to go buy a new version of something until it offers features that make you happy (or, these days, until you can afford it). But how do we move the software ecosystem forward, without making you pay the price?&lt;/p&gt;  &lt;p&gt;I keep saying this, I know, but it keeps being true: app compat is hard.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9574556" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Shims/default.aspx">Shims</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/UAC/default.aspx">UAC</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>What’s New in ACT 5.5</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/04/14/what-s-new-in-act-5-5.aspx</link>
      <pubDate>Tue, 14 Apr 2009 20:31:43 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9549148</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">2</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9549148.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9549148</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9549148</wfw:comment>
      <description>&lt;p&gt;&lt;a href="http://www.microsoft.com/downloads/details.aspx?FamilyID=24da89e9-b581-47b0-b45e-492dd6da2971&amp;amp;displaylang=en" target="_blank"&gt;The new ACT is here! The new ACT is here!&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;I’m always on the forefront of breaking news, eh? We shipped ACT 5.5, erm, 11 days ago. (What can I say, it’s been a busy 11 days.) I know &lt;a href="http://blogs.msdn.com/cjacks/archive/2009/02/17/what-is-coming-in-act-5-5-and-should-you-wait-for-it.aspx" target="_blank"&gt;a little while back I blogged about whether or not you can wait for it&lt;/a&gt;, but now you don’t have to. Nice.&lt;/p&gt;  &lt;p&gt;So, I figured I’d talk about a few things that makes this a very worthwhile download. But before I do, I figured you should understand the size of the team that managed to pull this off. The dev team, if I am not mistaken, averaged just slightly over 1 person. The test team averaged less than 1 person. The PM team averaged over 1 person. The documentation team averaged a fraction of a person. Clearly, some trade-offs are required with this kind of a team, and hopefully we made the right ones. (My #1 request remains adding integration points so you can extend the product and/or integrate it with the rest of your infrastructure, but that’s big stuff that a tiny team isn’t likely to pull off. I keep hoping.) That being said, here’s what I like about what’s new:&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;DCP Tagging&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;This is one of the most requested features in ACT (other than integration points), and you can use this in a number of ways.&lt;/p&gt;  &lt;p&gt;If you are planning to deploy Windows by role (in my experience the best way to do it), you can have your DCPs that you deploy to members of each role tagged. Now, when you want to see what software is used by people in each role, you simply pull up everything with this tag. You just can’t do that with 5.0. The closest you’d come is to collect the first role first, categorize them, then the second role, categorize the uncategorized ones, and so forth. But, if you change deployment order, you’re hosed; you depend on apps being fixed from earlier roles, because you can’t determine the overlap.&lt;/p&gt;  &lt;p&gt;If you have multiple organizations that you serve, but you don’t want to manage separate databases (perhaps a loosely aligned collection of business units?) you can now consolidate but still pry things apart as you need to.&lt;/p&gt;  &lt;p&gt;Identifying the remainder of scenarios is left as an exercise to the reader – this one is really something you can invent all kinds of uses for.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;SUA Works with Application Verifier 4.0&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;Remember &lt;a href="http://blogs.msdn.com/cjacks/archive/2009/02/04/standard-user-analyzer-refuses-to-run-with-application-verifier-4-0-and-application-verifier-3-x-is-gone.aspx" target="_blank"&gt;the post where I had to link to old versions of Application Verifier&lt;/a&gt;? No more! Now you can use the up-to-date version! And, of course, that also means you can use SUA on Windows 7 now (since AppVerifier 3.x doesn’t work so well on it).&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;SUA kinda-sorta works on Windows 7 x64&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;OK, 64-bit isn’t officially supported for ACT anywhere. But SUA flat out didn’t work. I don’t know about Windows Vista (I never tried it) but definitely not on Windows 7. The reason? AppVerifier had a little bug (they’re fixing it, but they weren’t going to be done in time for ACT 5.5 and we didn’t want to delay it) where the COM interfaces weren’t working correctly from 32-bit processes. And SUA happened to be calling them from 32-bit processes. So, we brainstormed some alternate solutions, but because you have to call 32-bit AppVerifier to get 32-bit logs, the avenue we finally pursued was using the command line interface to AppVerifier instead of the COM interface. So, things mostly work for testing 32-bit apps on x64 versions of Windows 7 (to my knowledge) – I have not tried it against 64-bit apps, because I’ve never needed that in real life. This is not a guarantee that ACT will work for you on 64-bit, that using it on x64 won’t cause permanent sterility, yada yada. But hey, there were some last-minute heroics on the part of the team to at least give best effort here, and they blew me away. The team may be small, but that doesn’t mean they’re not awesome.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;CompatAdmin has more shim docs in the help, and it now shows you help … ALL the time!&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;This was my pet peeve bug. I guess that’s because the tiny contribution I make was affected by it. You see, I write up the shim documentation, and then hand it off to my favorite technical writer, Liz, who converts them into product-ese. And yes, we have more in ACT 5.5. (What can I say – I have the most boring hobby in the world. Writing documentation.)&lt;/p&gt;  &lt;p&gt;But, if you use 5.0, you’ll notice a little something funny. Select a shim in the system shim database (which is where all the shims are). Notice that little sentence. Is it helpful? Maybe, but probably not. What do you do next? Well, hopefully you look it up in the help. Try it. Guess what? The help –&amp;gt; about functionality is disabled! This bug was open forever, so I used the oldest trick in the book. I debugged it myself. That gets stuff fixed WAY faster. Here’s what I found:&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Consolas"&gt;0:000&amp;gt; kP     &lt;br /&gt;ChildEBP RetAddr&amp;#160; &lt;br /&gt;000be9d4 00134dac USER32!EnableMenuItem(      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; struct HMENU__ * hMenu = 0x075b08ad,&amp;#160; &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; unsigned int uIDEnableItem = 0,&amp;#160; &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; unsigned int uEnable = 0x401) &lt;/font&gt;&lt;/p&gt;  &lt;p&gt;Look that up in MSDN, and you’ll find that the code was disabling the first item of EVERY menu, when it intended to just disable the first item in the first menu. And help was unfortunate enough to be the first menu item. Fixed. Now, you can always get to the help!&lt;/p&gt;  &lt;p&gt;Nice.&lt;/p&gt;  &lt;p&gt;&lt;strong&gt;You don’t have to see reports for operating systems you aren’t migrating to.&lt;/strong&gt;&lt;/p&gt;  &lt;p&gt;When we supported one type of migration, piece of cake. It’s all we’d show. But we got to the point of having so many flavors, it was just confusing. So, now you can pick the ones you care about. Subtle, but a nice touch.&lt;/p&gt;  &lt;p&gt;Those are the highlights. Have a look. Yes, we do support some additional deprecation detection (Windows Mail), but in my experience that’s an extremely low-impact deprecation for the enterprise. And there are a number of other bug fixes. Not a bad showing for a tool developed by 3.141592653589793238462   &lt;br /&gt;643383279502884197169399375105820974944592307816406286208998628    &lt;br /&gt;034825342117067982148086513282306647093844609550582231725359408    &lt;br /&gt;128481117450284102701938521105559644622948954930381964428810975    &lt;br /&gt;665933446128475648233786783165271201909145648566923460348610454    &lt;br /&gt;326648213393607260249141273724587006606315588174881520920962829    &lt;br /&gt;254091715364367892590360011330530548820466521384146951941511609 people.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9549148" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/ACT+5.5/default.aspx">ACT 5.5</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>Manifesting for Compatibility on Windows 7</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/03/27/manifesting-for-compatibility-on-windows-7.aspx</link>
      <pubDate>Sat, 28 Mar 2009 02:35:46 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9515460</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">18</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9515460.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9515460</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9515460</wfw:comment>
      <description>&lt;p&gt;Normally, I’m talking about how to fix applications here, but I want to digress and instead talk about how to help us fix things up in future versions of Windows for you.&lt;/p&gt;  &lt;p&gt;The most frequently used application fix is a version lie. We have to lie to applications that are doing the wrong thing (explicit checks for equality), as well as &lt;a href="http://blogs.msdn.com/oldnewthing/archive/2004/02/13/72476.aspx" target="_blank"&gt;applications that tried to do the right thing but implemented it wrong&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;There is a new feature in Windows 7 which lets you tell us which version of Windows you are designed for. Of course, that doesn’t help you out if you’re testing for a minimum version, but if you’re testing for a maximum version (by using equality or &amp;lt;) then this is a better mechanism to communicate that. But, of course, it requires communication – you have to tell us what you have designed for in order for us to react to that. And you have to trust us that we’ll do the right thing. (I’d understand if you don’t.) But our hope is that you can put more of the burden on us to keep your application working, rather than taking matters into your own hand (which, in the end, is actually much harder for us since we have to figure out what everyone did independently to arrive at their solutions).&lt;/p&gt;  &lt;p&gt;&lt;a href="http://msdn.microsoft.com/en-us/library/dd371711(VS.85).aspx" target="_blank"&gt;The application manifest now includes a new section, called Compatibility, for you to communicate which version of Windows you were designed for.&lt;/a&gt; It looks like this:&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Courier New"&gt;&amp;lt;?xml version=&amp;quot;1.0&amp;quot; encoding=&amp;quot;UTF-8&amp;quot; standalone=&amp;quot;yes&amp;quot;?&amp;gt;     &lt;br /&gt;&amp;lt;assembly xmlns=&amp;quot;urn:schemas-microsoft-com:asm.v1&amp;quot; manifestVersion=&amp;quot;1.0&amp;quot;&amp;gt;      &lt;br /&gt;&amp;#160; &amp;lt;compatibility xmlns=&amp;quot;urn:schemas-microsoft-com:compatibility.v1&amp;quot;&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160; &amp;lt;application&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; &amp;lt;!--Windows 7--&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; &amp;lt;supportedOS Id=&amp;quot;{35138b9a-5d96-4fbd-8e2d-a2440225f93a}&amp;quot;/&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; &amp;lt;!--Windows Vista--&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160;&amp;#160;&amp;#160; &amp;lt;supportedOS Id=&amp;quot;{e2011457-1546-43c5-a5fe-008deee3d3f0}&amp;quot;/&amp;gt;      &lt;br /&gt;&amp;#160;&amp;#160;&amp;#160; &amp;lt;/application&amp;gt;      &lt;br /&gt;&amp;#160; &amp;lt;/compatibility&amp;gt;      &lt;br /&gt;&amp;lt;/assembly&amp;gt;&lt;/font&gt;&lt;/p&gt;  &lt;p&gt;This setting runs fairly deep. In fact, you can see that we set the operating system context. If you launch the Resource Monitor tool in Windows 7 (which just reeks of &lt;a href="http://blogs.technet.com/markrussinovich/" target="_blank"&gt;Mark Russinovich&lt;/a&gt;, so I know he had some hand in it), you can add a column to display the Operating System Context:&lt;/p&gt;  &lt;p&gt;&lt;a href="http://blogs.msdn.com/blogfiles/cjacks/WindowsLiveWriter/854bdb29b139_12638/image_2.png"&gt;&lt;img style="border-bottom: 0px; border-left: 0px; display: block; float: none; margin-left: auto; border-top: 0px; margin-right: auto; border-right: 0px" title="image" border="0" alt="image" src="http://blogs.msdn.com/blogfiles/cjacks/WindowsLiveWriter/854bdb29b139_12638/image_thumb.png" width="474" height="297" /&gt;&lt;/a&gt; &lt;/p&gt;  &lt;p&gt;What we have put in place is a mechanism by which we can make specific changes to the OS, target the fixed ones at those in the current operating system context, and target the old behavior at applications designed for previous versions. We can use this metadata, if we have it, for all kinds of application compatibility solutions – from switchpoints (introduced in Windows 7) to future implementations of lightweight virtualization.&lt;/p&gt;  &lt;p&gt;But this all hinges on people adding the manifest section to their applications. (Which, of course, means we need to work with tool vendors, including our own.)&lt;/p&gt;  &lt;p&gt;But one question which I had:&lt;/p&gt;  &lt;p&gt;What the f* is with the GUIDs?&lt;/p&gt;  &lt;p&gt;We’ve just never made versioning easy. GetVersion was hard to use. GetVersionEx was easier to use, and easier to use wrong. VerifyVersionInfo was a good idea, but too hard to use.&lt;/p&gt;  &lt;p&gt;And here we go again.&lt;/p&gt;  &lt;p&gt;The argument for GUIDs: Nobody knows what the GUID for Windows 8 is going to be yet. Not even us. So, by using GUIDs, we prevent somebody from claiming compatibility with an operating system they can’t possibly have tested with. (Odd that we’d be so against such a thing in one group, while the IE team gives you the X-UA-Compatible option of edge to do exactly that.)&lt;/p&gt;  &lt;p&gt;The argument against GUIDs: You’re punishing the good guys in order to prevent the bad guys from shooting themselves in the foot. If I test something on Windows 8, and add its GUID to my manifest, I’m going to get both the Windows 8 and Windows 7 fixes (since the OS will simply look at the highest version and apply all previous fixes). But, if I *only* put in the Windows 8 GUID, on Windows 7, I won’t recognize the Windows 8 GUID (since it doesn’t exist yet), and not only will I not give it the Windows 8 fixes, I won’t give it the Windows 7 fixes either. And, if the only fixes I actually needed were the Windows 7 ones, I just broke the app.&lt;/p&gt;  &lt;p&gt;Oy. Can you tell which side of the fence I sit on? Then again, the counter to that is, if I had tested it on Windows 7, I could easily add that GUID as well, and all becomes right again. It just means that people have to understand that including any and all GUIDs from tested operating systems is important.&lt;/p&gt;  &lt;p&gt;So, here I am writing that.&lt;/p&gt;  &lt;p&gt;In addition to specifying the target version, you should specify every version that you’ve tested on. Right now, it doesn’t make a whole lot of difference (since Windows Vista isn’t even looking for this section of the manifest) but the more you can tell us, the more work we can do to help keep your application working in the future. And anything that can help us keep your application working into the future definitely makes everyone more happy. I’ve got my fingers crossed that this gets some uptake…&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9515460" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>Configuring Application Verifier as a Testing Tool Take 2: 99.44% Less Wrong</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/02/27/configuring-application-verifier-as-a-testing-tool-take-2-99-44-less-wrong.aspx</link>
      <pubDate>Fri, 27 Feb 2009 15:55:53 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9448999</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">4</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9448999.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9448999</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9448999</wfw:comment>
      <description>&lt;p&gt;A long time ago (2 years ago – that’s like the Paleolithic era of computers – weren’t we all running TI-99/4As back then?) &lt;a href="http://blogs.msdn.com/cjacks/archive/2007/01/11/configuring-application-verifier-as-a-testing-tool-for-windows-vista-compatibility.aspx" target="_blank"&gt;I put together a post about running Application Verifier as a tester&lt;/a&gt;.&lt;/p&gt;  &lt;p&gt;There were a couple of things I would do differently with this post today. In fact, I’m about to do them differently.&lt;/p&gt;  &lt;p&gt;First, I would remove the redundancy. If you have a look, you’ll see that I end up enabling the same tests multiple times. Why? I’m not sure.&lt;/p&gt;  &lt;p&gt;Next, you may discover on the latest versions of Application Verifier that there’s a bug in my script. My test configuration calls all specify -with ErrorReport=0. It turns out that this is supposed to say “ignore this” but it happens to still (erroneously) log events in previous versions of Windows and Application Verifier. Well, now it doesn’t. So, I wrote a dependency on a bug. Good job, me. (That’s what I get for stealing my AppVerifier configuration script from SUA instead of actually doing my homework.)&lt;/p&gt;  &lt;p&gt;Finally, it ignored the fact that there are 64-bit computers out there. You need to match up the bitness of Application Verifier to the bitness of the application you are trying to test (no, not the operating system – the 64-bit Application Verifier package gives you both).&lt;/p&gt;  &lt;p&gt;If you are running x86 (32-bit), then you simply need to specify appverif.exe, since it’s in system32 (which is probably in your path). If you are running an x64 operating system and want to monitor a 64-bit application, then you simply need to specify appverif.exe, because that will resolve to system32 where the 64-bit version lives. But if you are running an x64 operating system and want to monitor a 32-bit application (what I normally do) you have to get to the 32-bit version of appverif.exe. What I do for that today is specify %windir%\syswow64\appverif.exe to launch the correct version. I’m not sure if there is a better way to do that? I just know you want to make sure you’re calling the 32-bit version when testing a 32-bit app.&lt;/p&gt;  &lt;p&gt;So, rather than leave it wrong, I figured I’d correct it. If you want to configure Application Verifier for use in automated test scripts, here are some scripts that should be (to the best of my knowledge) actually correct.&lt;/p&gt;  &lt;p&gt;First, let’s turn on monitoring and configure tests to record data but not break into a debugger:&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Courier New"&gt;%windir%\syswow64\appverif.exe -enable COM Exceptions Handles Heaps Leak Locks Memory RPC Threadpool TLS -for AppVerifierDemo.exe &lt;/font&gt;&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Courier New"&gt;%windir%\syswow64\appverif.exe -configure 0x400 0x401 0x402 0x403 0x404 0x405 0x406 0x407 0x408 0x409 0x40A 0x40B 0x40C 0x40D 0x40E 0x40F 0x410 -for AppVerifierDemo.exe -with ErrorReport=0x181      &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x650 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x300 0x301 0x302 0x303 0x304 0x305 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x001 0x002 0x003 0x004 0x005 0x006 0x007 0x008 0x009 0x00A 0x00B 0x00C 0x00D 0x00E 0x00F 0x010 0x011 0x012 0x013 0x014 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x900 0x901 0x902 0x903 0x904 0x905 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x200 0x201 0x202 0x203 0x204 0x205 0x206 0x207 0x208 0x209 0x210 0x211 0x212 0x213 0x214 0x215 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x600 0x601 0x602 0x603 0x604 0x605 0x606 0x607 0x608 0x609 0x60A 0x60B 0x60C 0x60D 0x60E 0x60F 0x610 0x611 0x612 0x613 0x614 0x615 0x616 0x617 0x618 0x619 0x61A 0x61B 0x61C 0x61D 0x61E -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x500 -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x700 0x701 0x702 0x703 0x707 0x705 0x706 0x707 0x708 0x709 0x70A 0x70B 0x40C -for AppVerifierDemo.exe -with ErrorReport=0x181       &lt;br /&gt;%windir%\syswow64\appverif.exe -configure 0x350 0x351 0x352 -for AppVerifierDemo.exe -with ErrorReport=0x181&lt;/font&gt; &lt;/p&gt;  &lt;p&gt;With this configuration, you can now run your tests, and generate logs. When you’re done with the execution, you can pull off the logs and store them someplace convenient, so let’s create a script to do that:&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Courier New"&gt;%windir%\syswow64\appverif.exe -export log -for AppVerifierDemo.exe -with To=%userprofile%\desktop\AppVerifierDemo.exe.xml Log=0&lt;/font&gt;&lt;/p&gt;  &lt;p&gt;And finally, let’s disable testing after our test pass is done:&lt;/p&gt;  &lt;p&gt;&lt;font size="1" face="Courier New"&gt;%windir%\syswow64\appverif.exe -disable * -for AppVerifierDemo.exe&lt;/font&gt;&lt;/p&gt;  &lt;p&gt;Hopefully having some guidance around scripting application verifier is helpful (particularly now that it’s more correct)! Oh, and obviously you’ll replace the dummy application name I have here (AppVerifierDemo.exe) with the name of the application you’re trying to test.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9448999" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Verifier/default.aspx">Application Verifier</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Quality/default.aspx">Application Quality</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>What is Coming in ACT 5.5, and Should You Wait for It?</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/02/17/what-is-coming-in-act-5-5-and-should-you-wait-for-it.aspx</link>
      <pubDate>Tue, 17 Feb 2009 20:16:48 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9428436</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">12</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9428436.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9428436</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9428436</wfw:comment>
      <description>&lt;p&gt;With the release of the &lt;a href="http://www.microsoft.com/windows/windows-7/default.aspx" target="_blank"&gt;Windows 7 beta&lt;/a&gt;, there has been a lot of speculation about an accompanying version of the &lt;a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=24DA89E9-B581-47B0-B45E-492DD6DA2971&amp;amp;displaylang=en" target="_blank"&gt;Application Compatibility Toolkit&lt;/a&gt;. Because the release of a version of ACT so frequently accompanies the release of an OS (or a significant service pack, such as Windows XP SP1), we’ve generated this perception in the community that you have to have the version of ACT that is matched up with that particular version of Windows. (We see this a lot with people who are just now deploying Windows XP SP2 – they start looking around for older versions of ACT, which are no longer available.)&lt;/p&gt;  &lt;p&gt;ACT 5.5 is scheduled to be ready by around April. (I’ve also done a piece for &lt;a href="http://technet.microsoft.com/en-us/magazine/default.aspx" target="_blank"&gt;TechNet Magazine&lt;/a&gt; with my friend &lt;a href="http://blog.chriscorio.com/default.aspx" target="_blank"&gt;Chris Corio&lt;/a&gt; that goes deep into the internals of ACT which should be out at around the same time – stay tuned for that.) If you plan to start getting ready for a Windows 7 deployment, do you need to wait for it?&lt;/p&gt;  &lt;p&gt;I don’t think you do.&lt;/p&gt;  &lt;p&gt;But, rather than me just throwing out an opinion, let me walk through the process of an application compatibility project, point out what you could do today with ACT 5.0.3 (the currently available version), and then point out what you would get in addition if you were to wait.&lt;/p&gt;  &lt;h1&gt;Collect&lt;/h1&gt;  &lt;h2&gt;&lt;/h2&gt;  &lt;h2&gt;What you can do today with ACT 5.0&lt;/h2&gt;  &lt;p&gt;You need an inventory of what software you have in order to drive your project. ACT 5.0 will give you an excellent inventory of what you have, so you can get started today figuring out what you have in your ecosystem. In fact, I recommend it, unless…&lt;/p&gt;  &lt;h2&gt;When you should wait for ACT 5.5&lt;/h2&gt;  &lt;p&gt;There is a compelling new feature in ACT 5.5 that may be worth the wait: the ability to “tag” a DCP package. If you have the ability to target deployment of your DCPs, and you’d like to have the applications in your inventory come back reflecting where they came from, then this may be worth the wait.&lt;/p&gt;  &lt;p&gt;ACT 5.5 will include new deprecations in the deprecation agent – specifically, the Windows Mail deprecations. If you see Outlook Express / Windows Mail displaying UI in your organization, then this may be important. But, to be honest, I don’t expect this to have a significant impact on many enterprises at all, so unless you’re particularly worried about this, it may not be worth waiting for. (Obviously it’s useful once it’s out, but do you really want to set yourself back a couple of months to get this if you’d rather get started today?)&lt;/p&gt;  &lt;h1&gt;Analyze&lt;/h1&gt;  &lt;h2&gt;What you can do today with ACT 5.0&lt;/h2&gt;  &lt;p&gt;It kind of depends on how much it bugs you to see “Windows Vista” in the report category as to whether or not you’re comfortable using it.&lt;/p&gt;  &lt;p&gt;The compatibility data will be from Windows Vista and not from Windows 7, but not only are we not breaking that many more things, it’s not as if that data was terribly good to start with (even with Windows Vista, going to windows.com/compatibility was your better option).&lt;/p&gt;  &lt;p&gt;And, of course, if you dump your inventory into Excel to analyze, then 5.0 is fine.&lt;/p&gt;  &lt;h2&gt;When you should wait for ACT 5.5&lt;/h2&gt;  &lt;p&gt;ACT 5.5 will display Windows 7 as an option in the report listing, so that will satisfy your sense of aesthetics. In addition, because the list of operating systems is starting to get kind of big, and you’re likely to only be migrating to one at a time, you will be able to filter them and only display the one you intend to deploy. That simplifies the UI a bit.&lt;/p&gt;  &lt;p&gt;If you are worried about the data you send up to the ACT web service, ACT 5.5 is going to add on some functionality to help. 5.0 would always send the unique Application ID up – but if you unselected it we wouldn’t send any of your evaluation data. ACT 5.5 won’t even send up the ID (as a result, you won’t be able to see any community data for this app) and the tool gives you direct visibility into the exact data that you are sending up. For folks who are concerned about this, you may want to wait for this feature before you sync.&lt;/p&gt;  &lt;p&gt;ACT 5.5 will also be able to support syncing with the Windows Compatibility Center – so no more manually looking things up at windows.com/compatibility! My understanding is that this may not be fully ready to go when the product ships, but it will be able to support it once the service is ready to go. I think that’s going to be huge.&lt;/p&gt;  &lt;p&gt;Note that this doesn’t mean you can’t collect your inventory now – I haven’t personally tested the database upgrade scenario, but I have been loading up my sample database with the log files from an ACT 5.0 DCP deployment, and have had no problems doing so. My guess is that we’ll elegantly handle a database upgrade from 5.0 as well (I just don’t want to promise something I haven’t tried myself).&lt;/p&gt;  &lt;h1&gt;Test and Mitigate&lt;/h1&gt;  &lt;h2&gt;What you can do today with ACT 5.0&lt;/h2&gt;  &lt;h3&gt;Standard User Analyzer&lt;/h3&gt;  &lt;p&gt;SUA is relatively unchanged from the ACT 5.0 version. One big change: you need AppVerifier 4.0+ on Windows 7, and only the ACT 5.5 version works with AppVerifier 4.0+. So, you’d just have to do your testing on Windows Vista or earlier.&lt;/p&gt;  &lt;h3&gt;&lt;strong&gt;Internet Explorer Compatibility Test Tool&lt;/strong&gt;&lt;/h3&gt;  &lt;p&gt;&lt;a href="http://blogs.msdn.com/ie/archive/2008/09/23/application-compatibility-logging-in-ie8.aspx" target="_blank"&gt;IECTT supports IE8 today&lt;/a&gt;, so you don’t have to wait for anything to start investigating your web applications!&lt;/p&gt;  &lt;h3&gt;Setup Analysis Tool&lt;/h3&gt;  &lt;p&gt;Does anybody use the setup analysis tool? It remains, and it’s as uninteresting today as it was for Windows Vista. This could be the last time we see this tool.&lt;/p&gt;  &lt;h3&gt;Compatibility Administrator&lt;/h3&gt;  &lt;p&gt;Compatibility Administrator is relatively unchanged, and you can use it today on Windows 7 without hesitation.&lt;/p&gt;  &lt;h2&gt;When you should wait for ACT 5.5&lt;/h2&gt;  &lt;h3&gt;Standard User Analyzer&lt;/h3&gt;  &lt;p&gt;If you want to test with SUA on Windows 7 itself, you’ll have to wait. But for getting started to get your apps ready for a more secure environment today, you’ll get the same functionality down-level.&lt;/p&gt;  &lt;p&gt;Last I heard, &lt;a href="http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx" target="_blank"&gt;LUA Buglight&lt;/a&gt; also has a version check (alas, in the driver, so you can’t shim it) that keeps it from running on Windows 7, but current builds work fine on Windows 7. Not sure when Aaron plans to release an update.&lt;/p&gt;  &lt;h1&gt;Summary&lt;/h1&gt;  &lt;p&gt;Have we filled all of the gaps with ACT 5.5? Certainly not. I’d love to do more to help people rationalize apps. I’d love to have a smooth integration story (heck, I’d take a rough one if I could just get anything). I’d like a better 64-bit story (that’s on deck). I’d like more focus on the actual process than the technology. There’s always something else I want. But there is some good stuff coming (I’ll never be satisfied anyway).&lt;/p&gt;  &lt;p&gt;In conclusion, the ACT 5.5 story falls very much in line with the rest of the Windows 7 application compatibility story. You can get started today and not incur too much risk of a tool or feature coming along later that is killer. The tags for DCPs may be a killer feature (they’re certainly a highly requested one), but otherwise you can get started today, and the work you do with the tools you have will translate to results in the future.&lt;/p&gt;  &lt;p&gt;If you get started with your inventory and your rationalization, then you can just expect more data to come along later to help you out. In the interim, you can at least be identifying the projects that require a lot of work, and get started on them now. It’s simply a lot smarter to get any fixes you may need (to play nicely with the new security posture begun with Windows Vista and continuing with Windows 7) by working them in to the natural development and deployment cycle of your software today, rather than it is to try to squeeze them all in at the same time only when you begin the deployment of an operating system later.&lt;/p&gt;  &lt;p&gt;I hope this little review is helpful for formulating your tools strategy if a migration to Windows 7 is in your future…&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9428436" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/ACT+5.0/default.aspx">ACT 5.0</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/ACT+5.5/default.aspx">ACT 5.5</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>Standard User Analyzer Refuses to Run with Application Verifier 4.0 (and Application Verifier 3.x is Gone!)</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/02/04/standard-user-analyzer-refuses-to-run-with-application-verifier-4-0-and-application-verifier-3-x-is-gone.aspx</link>
      <pubDate>Wed, 04 Feb 2009 18:01:00 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9396248</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">7</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9396248.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9396248</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9396248</wfw:comment>
      <description>&lt;p&gt;&lt;strong&gt;Updated March 16, 2009: &lt;/strong&gt;Somebody updated these links with the 4.0 version (which kind of defeats the purpose of having these links so I’m not sure what they were thinking) but they’re back to the 3.x version now.&lt;/p&gt;  &lt;hr /&gt;  &lt;p&gt;Hey, there’s a new version of Application Verifier in town, and guess what? Standard User Analyzer doesn’t like it. ACT 5.0.3 (the latest publicly available version) is hard coded to look for versions 3.2 through 3.5, so the brand new version 4.0 kind of leaves this tool in a lurch.&lt;/p&gt;  &lt;p&gt;It’s also a mystery to me why the #1 web hit on live.com for Application Verifier leads to &lt;a title="http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&amp;amp;DisplayLang=en" href="http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&amp;amp;DisplayLang=en"&gt;http://www.microsoft.com/downloads/details.aspx?FamilyID=bd02c19c-1250-433c-8c1b-2619bd93b3a2&amp;amp;DisplayLang=en&lt;/a&gt;, which is a, “We are sorry, the page you requested cannot be found” page, which helpfully has search results from the same search engine, which helpfully has a #1 web hit of the same unhelpful page. Seriously? Did we just not pay attention to the fact that we should have &lt;strong&gt;kept&lt;/strong&gt; this page and forwarded, since people don’t want to have to guess the GUID for the new version? A search for Application Verifier 4.0 brings up the desired download as the #2 hit, so all is not lost (just most).&lt;/p&gt;  &lt;p&gt;But the fact that you can eventually find this incredibly useful and important tool if you try hard enough still doesn’t help fans of Standard User Analyzer (which are many). So, until we release ACT 5.5 (which support Application Verifier 4.0), we posted the 3.x versions again in a super-secret hidden location so you can still download them from us instead of from a random source. Unfortunately, we didn’t include fwlinks in the product so we could just update these links and you wouldn’t have to read this here, an omission we have already fixed.&lt;/p&gt;  &lt;p&gt;So, here’s where you can get the 3.x versions of application verifier:&lt;/p&gt;  &lt;p&gt;&lt;a href="http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.ia64.msi"&gt;http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.ia64.msi&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;&lt;a href="http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.amd64.msi"&gt;http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.amd64.msi&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;&lt;a href="http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.x86.msi"&gt;http://msdl.microsoft.com/download/symbols/debuggers/Private/ApplicationVerifier.x86.msi&lt;/a&gt;&lt;/p&gt;  &lt;p&gt;Note that you really shouldn’t use Application Verifier 3.x on Windows 7 – you’ll want to use Application Verifier 4.x on it, which means you’ll end up waiting for ACT 5.5 to use SUA on Windows 7.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9396248" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+Vista/default.aspx">Windows Vista</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/ACT+5.0/default.aspx">ACT 5.0</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/UAC/default.aspx">UAC</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Verifier/default.aspx">Application Verifier</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>RunAs Radio: Chris Jackson Makes our Applications Compatible</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/01/21/runas-radio-chris-jackson-makes-our-applications-compatible.aspx</link>
      <pubDate>Thu, 22 Jan 2009 03:28:49 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9362097</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">0</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9362097.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9362097</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9362097</wfw:comment>
      <description>&lt;p&gt;I met the guys from &lt;a href="http://www.runasradio.com/" target="_blank"&gt;RunAs Radio&lt;/a&gt; back in Barcelona, and a couple weeks ago I had a chance to sit down and chat with them. &lt;a href="http://www.runasradio.com/default.aspx?showNum=93" target="_blank"&gt;Check it out&lt;/a&gt;.&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9362097" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+Vista/default.aspx">Windows Vista</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
    <item>
      <title>Deprecation of Windows Mail on Windows 7, and the Mystery of CoStartOutlookExpress</title>
      <link>http://blogs.msdn.com/cjacks/archive/2009/01/20/deprecation-of-windows-mail-on-windows-7-and-the-mystery-of-costartoutlookexpress.aspx</link>
      <pubDate>Tue, 20 Jan 2009 06:21:38 GMT</pubDate>
      <guid isPermaLink="false">91d46819-8472-40ad-a661-2c78acb4018c:9343554</guid>
      <dc:creator>Chris Jackson</dc:creator>
      <slash:comments xmlns:slash="http://purl.org/rss/1.0/modules/slash/">1</slash:comments>
      <comments>http://blogs.msdn.com/cjacks/comments/9343554.aspx</comments>
      <wfw:commentRss>http://blogs.msdn.com/cjacks/commentrss.aspx?PostID=9343554</wfw:commentRss>
      <wfw:comment>http://blogs.msdn.com/cjacks/rsscomments.aspx?PostID=9343554</wfw:comment>
      <description>&lt;p&gt;One of the features that we pried away from Windows for Windows 7 is Windows Mail. You can, of course, install Windows Live Mail to get the evolution of the same product, another mail reader of your choosing, or just use web based mail – it’s not as if we’re ending mail as we know it.&lt;/p&gt;  &lt;p&gt;However, we’re an app platform company, and removing anything has its impact. And yes, there were public APIs to drive Windows Mail.&lt;/p&gt;  &lt;p&gt;This is a good way to illustrate exactly how hard you have to try to get an application to break on Windows 7. (Well, there’s always the sure-fire easy formula to get an app that breaks: reverse engineer Windows, write code around what you find, and then hope we never change it. But here I’m talking about apps that were technically following the rules.)&lt;/p&gt;  &lt;p&gt;Let’s take one API: &lt;a href="http://msdn.microsoft.com/en-us/library/ms714689.aspx" target="_blank"&gt;CoStartOutlookExpress&lt;/a&gt;. Seems straightforward enough, and it doesn’t work on Windows 7. But let’s really dig into it, because I’m guessing you probably don’t use this API too often in your code. If you follow the trail of execution far enough, you find yourself in msoert2.dll, in a little function that’s determining if you’re going to work or not. Let’s unassemble that function:&lt;/p&gt;  &lt;p&gt;&lt;font size="3" face="Courier New"&gt;msoert2.dll Section .text (0x43D01000)     &lt;br /&gt;CALL DWORD PTR [KERNEL32.DLL!GetModuleFileNameW]      &lt;br /&gt;TEST EAX,EAX      &lt;br /&gt;JZ 0x43D0A613      &lt;br /&gt;LEA EAX,[EBP-0x20C]      &lt;br /&gt;PUSH EAX      &lt;br /&gt;CALL DWORD PTR [SHLWAPI.DLL!PathFindFileNameW]      &lt;br /&gt;TEST EAX,EAX      &lt;br /&gt;JZ 0x43D0A60C      &lt;br /&gt;PUSH 'WinMail.exe'      &lt;br /&gt;PUSH EAX      &lt;br /&gt;CALL DWORD PTR [MSVCRT.DLL!_wcsicmp]&lt;/font&gt;&lt;/p&gt;  &lt;p&gt;You don’t have to be a master of assembly language, just read the functions. Here’s what we’re doing:&lt;/p&gt;  &lt;ul&gt;   &lt;li&gt;Get the name of the file that’s calling the API&lt;/li&gt;    &lt;li&gt;Determine if that file is winmail.exe&lt;/li&gt; &lt;/ul&gt;  &lt;p&gt;Yep – that’s right, if you wanted to use this API, &lt;strong&gt;you had to name your executable winmail.exe or it wouldn’t work&lt;/strong&gt;. So, yeah – if you did that, then we’re going to break you.&lt;/p&gt;  &lt;p&gt;And the fact that I’m here telling you about this is because people have done exactly that. Man, app compat sure is hard…&lt;/p&gt;&lt;img src="http://blogs.msdn.com/aggbug.aspx?PostID=9343554" width="1" height="1"&gt;</description>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Application+Compatibility/default.aspx">Application Compatibility</category>
      <category domain="http://blogs.msdn.com/cjacks/archive/tags/Windows+7/default.aspx">Windows 7</category>
      <author>Chris Jackson</author>
      <source url="http://blogs.msdn.com/cjacks/default.aspx">Chris Jackson's Semantic Consonance</source>
    </item>
  </channel>
</rss>